Page 27 - Impiantistica Italiana
P. 27
Fig. 2 - Stages of the into a digital (i.e., computer-readable) format, in of the efficiency fueled connectivity, will result in
secure development li- which the information is organized into bits. Digi- increased downtime, and increased threats to hu-
fecycle tization creates the infrastructure for digitalization. man and process safety.
The happy medium is increased digitization and
Digitalization connectivity (in order to stay competitive and grow
Digitalization takes the process a step further. Di- revenues) with a sufficient degree of cybersecurity
gitalization implies the use of digital technologies (and this sufficient degree differs within each com-
and of data in order to create revenue, improve bu- pany and within each industry).
siness, replace/transform business processes and
create an environment for digital business, whereby
digital information is at the core. A fresh example IT managers, and security managers
of digitalization at work is the concept of a “digital share their expertise.
twin” where a virtual version of an operating pro- In an IIoT world, cybersecurity will need
cess, a machine or a plant is built (prior to building to be built into every control system
the real thing) to help make highly accurate predic-
tions for how that process, machine, or plant will hardware and software component,
actually behave once in operation. Digitalization, in protecting every node that has computing
essence, represents a corporate framework that capability
allows for the exploitation of Industrial Internet of
Things (IIoT) benefits.
An initial strategy, borrowed from the IT industry,
Digital Transformation is to build firewalls to keep outsiders from coming
Digital Transformation, the third step of the pro- into the corporate network and getting into the
cess, consists, in essence, of a business strategy control system. That’s often not the best plan for oil
that leverages digitalization to lower costs and in- & gas because the industry has unique operational
crease profitability across the business. constraints and must account for the intersection
at which IT and OT systems meet. A security ap-
Business benefit derived proach that fits one side does not necessarily suit
These technological movements all imply a high the other. Within oil & gas proprietary devices once
degree of connectivity and analysis of data. They dedicated to specialized applications, are now
represent a vast acceleration in the ability to quickly vulnerable. Sensitive information about how these
assess fluid business situations and to make accu- devices work can be accessed online by anyone,
rate predictions and decisions. The amount of time including those with malicious intent. For those re-
and degree of investment required in the past to asons, it’s necessary to develop cross-functional
perform such work was prohibitive. Today, acqui- teams capable of addressing the unique challen-
ring such abilities is both affordable and a prere- ges of securing technology that spans both worlds.
quisite for remaining competitive. According to the Protecting against today’s cyber threats requires
World Economic Forum, digitalization and related cross-domain efforts where engineers, IT mana-
initiatives have the potential to create around $1 gers, and security managers share their expertise.
trillion of value for oil and gas firms [5]. In an IIoT world, cybersecurity will need to be built
into every control system hardware and software
Influencer #4: Cybersecurity management component, protecting every node that has com-
Cybersecurity threats grow in proportion to the ex- puting capability.
pansion of connectivity. However, the benefits of Responsible manufacturers are now designing
connectivity outweigh the risks of cyber-attacks, cybersecurity into every module they build and de-
especially when cybersecurity best practices be- liver so that clients don’t have to concern themsel-
come part of all normal business activities. A lack ves with building in cybersecurity after they purcha-
of digitization and the related connectivity can cut se a new product.
into production efficiency gains. For example, it Manufacturers like Schneider Electric, for example,
is projected that the flood of Industrial Internet of apply a Secure Development Life Cycle (SDL) ap-
Things (IIoT)-enabled smart devices will facilitate proach to products such as their new Achilles Level
information exchanges among control systems re- 2 Certified M580 PLCs. Within the context of SDL,
sulting in efficiency gains of up to 26%. secure architecture reviews are performed, threat
On the other hand, failure to enforce cybersecurity modeling of the conceptual security design takes
best practices, that are made necessary because place, secure coding rules are followed, speciali-
Impiantistica Italiana - Marzo - Aprile 2018 25
